“Reduce, reuse, recycle” is the mantra of the green movement. In fact, that slogan is itself really just a recycling, as it were, of the old adage “waste not, want not.” It makes sense: Reducing waste, reusing items or recycling things that are no longer useful in their current form conserves both natural resources — which don’t have to be harvested or mined — and limited landfill space.

But are there things for which this thrifty mindset doesn’t work? Yes — passwords.

While reducing, reusing and recycling passwords across multiple sites makes them a lot easier to keep up with, it also makes accounts a lot easier to hack. In fact, it reduces your overall security to the level of the most insecure system the password is used on, since a breach on one site effectively rends all the others using the same credentials vulnerable as well.

This means that if an attacker steals your password for a site on which you have no sensitive information stored and, as a result, security was an afterthought both for you and the site administrators, that attacker also has the key to potentially unlock all the other sites you use, including the ones where your most valuable data is stored. If that data happens to be credit card numbers, identity information or corporate secrets, things could get very bad in a hurry.

The Danger Is Real

Apparently, the breach resulted from — you guessed it — reuse of passwords across multiple sites. Apple responded by advising affected users to “change their Apple ID password as soon as possible and avoid using the same user name and password for multiple services.”

This is good advice even if you haven’t been hacked. In fact, it’s even better advice to use before you are hacked to prevent damage in the first place.

Lock Down Passwords with SSO

So how can you maintain passwords that are:

  • Unique for each system;
  • Hard to guess (which usually makes them hard to remember); and
  • Changed frequently?

Either develop a superpower to remember random details or use a single sign-on (SSO) tool to manage all the minutiae. Since the latter is easier to acquire than the former, I’d opt for that alternative. The SSO tool can reduce the password problem to a manageable size by giving you a single master key to unlock the vault of unique passwords it has generated for you for each site and not reuse or recycle existing credentials. This approach contains the damage of a breach on one system to only that system and prevents the sort of cascading failure that presumably was at the source of all the locked iPhones.

If you’re concerned that the SSO tool could be hacked, then use two-factor authentication to lock it down so that an attacker would have to not only steal your master password, but also your security token, mobile phone or fingerprint as well. While not impossible, it certainly makes things more difficult for the bad guys, and that’s the goal.

Also, don’t overlook the fact that this may be the only security enhancement you will ever implement that will actually improve the accessibility and usability of your system, since the SSO tool will not only manage all your unique, random, constantly changing passwords, it will actually type them in for you automatically so typos during log-on become a thing of the past.

More from Identity & Access

CISA, NSA Issue New IAM Best Practice Guidelines

4 min read - The Cybersecurity and Infrastructure Security Agency (CISA) and the National Security Agency (NSA) recently released a new 31-page document outlining best practices for identity and access management (IAM) administrators. As the industry increasingly moves towards cloud and hybrid computing environments, managing the complexities of digital identities can be challenging. Nonetheless, the importance of IAM cannot be overstated in today's world, where data security is more critical than ever. Meanwhile, IAM itself can be a source of vulnerability if not implemented…

4 min read

The Importance of Accessible and Inclusive Cybersecurity

4 min read - As the digital world continues to dominate our personal and work lives, it’s no surprise that cybersecurity has become critical for individuals and organizations. But society is racing toward “digital by default”, which can be a hardship for individuals unable to access digital services. People depend on these digital services for essential online services, including financial, housing, welfare, healthcare and educational services. Inclusive security ensures that such services are as widely accessible as possible and provides digital protections to users…

4 min read

What’s Going On With LastPass, and is it Safe to Use?

4 min read - When it comes to password managers, LastPass has been one of the most prominent players in the market. Since 2008, the company has focused on providing secure and convenient solutions to consumers and businesses. Or so it seemed. LastPass has been in the news recently for all the wrong reasons, with multiple reports of data breaches resulting from failed security measures. To make matters worse, many have viewed LastPass's response to these incidents as less than adequate. The company seemed…

4 min read

Cybersecurity in the Next-Generation Space Age, Pt. 3: Securing the New Space

8 min read - View Part 1, Introduction to New Space, and Part 2, Cybersecurity Threats in New Space, in this series. As we see in the previous article of this series discussing the cybersecurity threats in the New Space, space technology is advancing at an unprecedented rate — with new technologies being launched into orbit at an increasingly rapid pace. The need to ensure the security and safety of these technologies has never been more pressing. So, let’s discover a range of measures…

8 min read